2. So let's open the ascii art contest: https://nixers.net/showthread.php?tid=1862
We see there's a spoiler tag with the text:
(Scavenger Hunt)
Check the profile of this contest's winner
"it's missing 10 - hint is the name of this contest"

xero was the winner of this contest, in his profile there used to be as signature a text where each letter has its ascii representation number - 10, all you had to do was add 10 back and revert the ascii number to their representation (this is the missing part).
It should output "https://podcast.nixers.net/hidden.html"
(If you still want to play it you can start from here)
3. The page mentions:
Un(image of a zipper) the nixers sticker (the one who won obviously - see thread)
We open the thread, download the winning sticker and unzip it

Which outputs: Go back to the hidden page, HINTS, Same way as this text decode, 4 + 3 + 2 + metadata, Find link
5. There's not much on the page other than the zipper image.

Code:

wget 'https://podcast.nixers.net/zipper.gif'

It's a gif so it can contain layers, let's check them with gimp.
Indeed there's some layers with text in them. Let's put it together: YmxpbmQuaHRtb
Now what about this metadata?
In gimp we can go into image > image properties and find a comment: Ao=
Overall that gives us: YmxpbmQuaHRtbAo=, which again is base64 for "blind.html".
Let's open it: https://podcast.nixers.net/blind.html
6. It says it's the last challenge:

Connect THE DOTS :D
With a weird image like that what are we supposed to do?
It's called blind.png but the page says to connect the dots.
This is braille.

The certificate signature doesn't match, it means the certificate has been modified.
You can see there's an added:

Code:

venam.nixers.net/scavang/historys

3. Let's open that page, we get a bunch of questions:
Using the standard for terminals text (X3.64), show "hello" in bold, in the simplest way?
Using the caret notation, show ESC then arrow up AKA ALT+UP?
The answers are: \e[1mhello and ^[^[[A respectively
4.
After solving it the page prints out a QR code:
Which represent a URL: https://venam.nixers.net/scavang/nice_one_fellow
5.
The page has the following text:

The pixels (what are pixels made of? pixy dust, no?) that are not completely black or white represent an ASCII letter.

And then there's a picture with small colored dots/pixels.
Let's save the picture and try to analyze the pixels it.
You can extract the colors programatically or simply via an image editor with the color extraction tool.

The simplest thing we can do is to add up every r,g,b in the pixel and get the ascii character represented by it.

We enter anything and it replies with "Wrong credit card number".
This is a credit card checksum for sure, the Luhn checksum.
For example "413668426188716?" has the checksum "0".
We enter it, then:
"This is it, this is almost the end. Now check the end of the related podcast episode, the key is '!!june_love_and_nixers!!'."

There's the ascii art of a cicada, the title says "TXT art and more", and the bottom text:

Code:

vnm
cicada.ni
Am I not alive?
Why am I directed instead of domainating.

There's seems to be a typo, "domainating", what does that mean, cicada.ni, TXT.
This all reminds us of domain names. Let's dig or drill it. (There also were some hints in the newsletter issue 56 https://newsletter.nixers.net/entries.php#56 about this)

Code:

dig cicada.nixers.net TXT +short

And the server replies:

Code:

"go back, think meta about the txt and its custom representation"

So we should go back to the page and think meta about it, about the txt and its custom representation...Apparently.

There's nothing else left than to check the source of the page. There doesn't seem to be anything special other than some css and a favicon. In the css there's a font called "custom", that looks deliberate.

We need to download it to inspect it locally.

But how do we actually inspect fonts, the text editor doesn't help us with anything.
(There's another hint in issue 56 of the newsletter)

The most prominent software to edit font is fontforge, maybe it will do something.

Code:

fontforge custom.ttf

A character suddenly pops up in your face. Inside the dot there's the text: "nixers.net/fix_me_bad".

Interesting. Again, we open that new page, it contains some code, let's download it locally.

This doesn't look like any language I know, it's close to C though and it says fixme.
The first lines are:

A big file with multiple certificates and keys part is outputed. One say PART1, another PART3, after that GPG and a GPG key with as comment "Comment: ./img.zip".

Yet another file to download... It's a file that is protected by the same gpg key.
We import it and decrypt the file, the password it asks for is the them of the hunt, "cicada".

The file it outputs, after inspection of the magic bytes, is a gzip archive (tar.gz).

Code:

tar -zxvf img.decrypt.zip

We have a new "pkg" directory to play with in which we find:

Code:

HELP
REC.IMG

The HELP says:

Quote:Issue 50 will help you analyse the file and Issue 54 for the next step

It's referring to the newsletter: https://newsletter.nixers.net/entries.php#50
We have an image of a filesystem so there must be a part that's related: "More extra content related to the podcast" mentions filesystem recursion in FAT12 and the FS seems to be FAT12.

Anyway, we mount it.

Code:

mkdir mnt
mount -o loop REC.IMG mnt

Ohh, there's a 4GB file in there... how did that fit in the small image...
Whatever, it's just trickery.
The file is an ELF, maybe it's special.

The thing that pops out are the upper case letters. If we join them we obtain:
RFC_NAME_NUMBER

This is the challenge solution.

Rfc:

The question is " Give the RFC dedicated to naming machines. ", which was in "Naming a new machine" issue 69. The RFC number is 1178.

Special text:

It's a page that says the text is special, plus a hint " thieves and 0s ".

"Are you having fun this scavenger hunt?"

There's something hidden in this text, it's clear when you paste it in vim for example, there are zero width characters in it. To get the hidden text you have to use the tool presented in "Keeping thieves away" of issue 69.

You'll get back: "Github:scavjunixers", which is the solution

User:

There's not much here, you should use the hint of the previous hunt to continue.
Go on Github and clone on your machine the only repo of the user scavjunixers.

Code:

git clone 'https://github.com/scavjunixers/make_me_happy'

There's a hint that in this repo there's a shell script made using makeself.io

So it should be a compressed directory in a script, let's execute it and get that, not much else to do here.

You get back the directory "username_step" which contains "first.mp3" and "hint.sh".

The hint says "metadata, zip, not-really-meta".

We inspect the ID3 tags for the mp3 file, there's an image in it.
You have to extract the image from the mp3.

Next step is zip. That image is concatenated with a zip, executing unzip image.png does the trick and greets you with a new file "9999.mp3"

Now for the "not-really-meta". call up the "strings" utility on your unix machine for this file to find a base64 encoded value, and you'll know the final answer.

QR code:

This page only has a Qr code. The hint is pretty clear " Do literally what it says! ".
So we scan it and it tells us to give it its weight.
Weight of what?
Let's dig the newsletter.

There's an interesting entry called "File physical weight" in 12 accompanied by an implementation code.
We run it, get back the weight of the image and that's it, voilà.

Email:

There are two inputs, one for email and the other for the final answer.
The hint says " Only the ASCII version of the text is required for the answer. "

It seems to be base64 at first sight, so let's try that.
It still comes back as garbled but there's some readable bits in it "This is wrapper in a format loved by gpg,openssl and other encryption tools".

There have been a bunch of entries in the newsletter about those tool and the format they use, so let's remind ourselves "Let's play with encoding and formats" in 71 for example.

The format used for certificates and gpg key is the ASN1 format, openssl and asn1dump can help.

That's what we get back "qᵫﬆi? four & ﬁve ?e neꋏ", oh that's unicode but the first hint said we needed only ascii back. So here we go to the next question.

Q4 & 5:

Those ones are straight forward:
" An extended attribute used to avoid destroying information that is already there while still allowed editing. "
and
" The gcc flag that wraps together the generation of a PGO. "

The answers are "a" or "+a" and "-fprofile-generate"

gaufres:

Also straight forward:
"gopher://188.166.241.192/"

Simply visit the gopher website using a client that supports the gopher protocol. it's the default page with an extra special entry, which is where the answer is.

jargon:

" The name of jargon file representing a period in which beginners get extremely obsessed with programming. "

The answer is "larval stage"

File type:

This is the last challenge.

There's a file with the extension "sfp"
That's a Spline Font Database file, a file used in fontforge.

Once opened in fontforge it becomes obvious that certain characters have something special, they are highlighted in red. They are the "n" "i" "x" "e" "r" "s" letters. They contain comments that together form the last solution.

I love it!
Too bad I wasn't there for most of those hunts.
I'll try my luck with the new one https://nixers.net/showthread.php?tid=2183 ,I'm at the second step now.
The hunts look easy when reading the solutions but I bet it's difficult to find what to do next on the quest.

The solution to the "Scavenger hunt of June 2018" has been added for those who wants to cheat. This hunt will stay online for a long while, so don't open the spoiler alert if you want to play it someday.